
Module 9: Understanding Virtual LANs

www.cisco.com

1999, Cisco Systems, Inc.

Agenda

- What Is a VLAN?
- How Does it Work?
- VLAN Technologies

CSE: Networking Fundamentals - VLANs


Constraints of Shared LANs


- Users are physically bound
- Subnets are tied to hubs
- Users are grouped by location
- No security on segment
- Addressing is constrained
- Moves require address changes
- Router ports are expensive


Virtual LANs
[Figure labels: VLAN 1, VLAN 2, VLAN 3; Server Farm]

- One broadcast domain within a switch
- VLANs help manage broadcast domain
- Can be defined on port groups, users, or protocols

LAN switches and network management software provide a mechanism to create VLANs

Remove the Physical Boundaries


[Figure labels: Engineering, Marketing, Acctg.; Floor 3, Floor 2, Floor 1]

- Group users by department, team, or application
- Routers provide communication between VLANs

VLAN Benefits
- Reduced administrative costs
  - Simplify moves, adds, and changes
- Efficient bandwidth utilization
  - Better control of broadcasts
- Improved network security
  - Separate VLAN group for high-security users
  - Relocate servers into secured locations
- Scalability and performance
  - Microsegment with scalability
  - Distribute traffic load

VLAN Components
Switches, Routers, Servers, Management
[Figure labels: Membership Establishment; Communication Across Fabric; Inter-VLAN Communications; Server Communication; Centralized Administration]

- Switches: Membership determination
- Trunking: Common VLAN exchange
- Multiprotocol routing: Inter-VLAN exchange
- Servers: Multi-VLAN communication
- Management: Security, control, administration

Establishing VLAN Membership


Approaches Can Vary Performance

- Port driven
- MAC address driven
- Network address driven
- Application type driven

[Figure labels: Port-Based (VLAN 1, VLAN 2, VLAN 3); MAC-Based (MAC Addresses: VLAN 1, MAC Addresses: VLAN 2); Layer 3-Based (Subnet 198.21.xx: VLAN 1, Subnet 198.22.xx: VLAN 2)]

Membership by Port
Maximizes Forwarding Performance
[Figure labels: VLAN 3, VLAN 2, VLAN 1]

- Users assigned by port association
- Requires no lookup if done in ASICs
- Easily administered via GUIs
- Maximizes security between VLANs
- Packets do not leak into other domains
- Easily controlled across network


Membership by MAC Addresses


Requires Filtering, Impacts Performance
[Figure: two identical MAC address tables with a "Table Exchange" between them; label: Tables Add Administration Overhead]

MAC Address Tables
VLAN 1: 020701A3EF1A, OA032192FA2A, 026765175GA3A
VLAN 2: 050503G4GF2A, 040404THTB3A, 070706GGGF3A

- Users assigned based on MAC addresses
- Flexible, yet adds overhead
- Impacts performance, scalability, administration
- Similar process for higher layers

Multiple VLANs per Port


Does This Make Sense in Switched/Shared LANs?
[Figure: two hubs with attached stations Mac 1 through Mac 12; labels: Broadcast Outgoing, Broadcast Incoming]

- Requested when multiple clients are attached
- Requires address lookups
- Cannot filter broadcasts on shared segment
- Results in lots of administration, little return

Communicating Between VLANs


Two Physical Topology Approaches
[Figure labels: Logical Communication (VLANs 1, 2, 3); Physical Link per VLAN (VLAN 3, VLAN 2, VLAN 1)]

- Layer 3 links VLANs together
- Adds additional security and management
- Logical links conserve physical ports
- Multimode, depending on protocol
- Cisco Internetworking Software
- Controls access by VLAN
- Up to 255 VLANs per router

Server Connectivity
Multiple Tagging to Each Server

[Figure labels: Server Farm; C2900, C5000, C2820, Cisco 7500, C5000; VLAN 1, VLAN 2, VLAN 3]

- Intelligent NICs decode tagging
- Maximizes performance, flexibility
- Supported by industry (Intel, CrossPoint)

VLAN Technologies


Inter-Switch Link
- Interconnects multiple switches and maintains VLAN information as traffic goes between switches
- Establishes membership through ASICs
- Labels each packet as received (packet tagging)
- Eliminates lookups and tables
- Transports multiple VLANs across links
- Protocol and endstation independent
- Easily managed

[Figure labels: VLAN Tag Added at Incoming Port; Inter-Switch Link (ISL) Carries VLAN Identifier; VLAN Tag Stripped by Forwarding Port]

[Figure labels: 802.10, ISL, 802.1Q, LANE]

VLAN Standardization
Packet Tagging as Common VLAN Exchange
[Figure: Level-1 Explicit Tagging; frame field labels: DES, SRC, Data, VLAN ID, FCS]

- Wide vendor endorsement for 802.1Q tagging standard
- Cisco supports across Fast Ethernet, Gigabit uplinks
- Cisco maps ISL to 802.1Q dynamically with VTP
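
Added example, not part of the original slides: the tag-at-incoming-port and strip-at-forwarding-port behaviour, combined with port-based membership, written against the 802.1Q tag layout (TPID 0x8100, 12-bit VLAN ID) rather than ISL encapsulation. The port table, the function names and the choice to drop already-tagged frames on access ports are assumptions of this example.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Constructed port-to-VLAN table for one switch (port-based membership).
ACCESS_PORTS = {1: 1, 2: 1, 3: 2, 4: 3}
TRUNK_PORT = 24


def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vid <= 4094:  # 0 and 4095 are reserved VLAN IDs
        raise ValueError("VLAN ID out of range")
    tci = (pcp << 13) | vid  # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame: bytes):
    """Return (vid, untagged_frame); vid is None if no tag is present."""
    if len(frame) < 16 or struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]


def ingress(port: int, frame: bytes) -> bytes:
    """Access-port ingress: the port alone decides the VLAN."""
    vid, inner = strip_tag(frame)
    if vid is not None:
        # An attached host must not be able to pick its VLAN by sending a tag.
        raise ValueError("tagged frame on access port dropped")
    return add_tag(inner, ACCESS_PORTS[port])


def flood(tagged: bytes, in_port: int) -> dict:
    """Broadcast delivery: untagged to same-VLAN access ports, tagged to trunk."""
    vid, inner = strip_tag(tagged)
    out = {p: inner for p, v in ACCESS_PORTS.items() if v == vid and p != in_port}
    if in_port != TRUNK_PORT:
        out[TRUNK_PORT] = tagged  # the trunk keeps the VLAN identifier
    return out


# Constructed broadcast frame: dst MAC, src MAC, EtherType 0x0806, payload.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0806") + b"\x00" * 28
```

A broadcast entering port 1 reaches port 2 and the trunk only; ports 3 and 4, which belong to other VLANs, never see it.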

VLAN Standard Implementation


Typical Environment
- Cisco environment uses ISL
- Vendor environment uses an existing, yet different packet tagging method
- Interdomain communication based on 802.1Q standard

[Figure labels: Company ABC; Cisco Domain; Vendor X Domain; ISL; ?; 802.1Q]

Virtual Trunk Protocol (VTP)


- VLAN administration and configuration protocol
- Reduces VLAN setup and administration
- Eliminates configuration errors
- Decreases network manager's time adding and managing VLANs
- Maps VLANs across different backbones (FDDI, Fast Ethernet, ATM)
- Maps between ISL and 802.1Q
- Maintains security between VLANs

[Figure labels: VLAN 1, VLAN 2; ISL; LANE ATM Fabric; LANE; 802.1Q]

Summary
- VLANs enable logical (instead of physical) groups of users on a switch
- VLANs address the needs for mobility and flexibility
- VLANs reduce administrative overhead, improve security, and provide more efficient bandwidth utilization
